Hugh Karp, the founder of the DeFi platform Nexus Mutual, has shared details of the recent hack of his wallet, in which he lost 370,000 NXM worth $8.4 million.
The hack occurred on December 14, and according to Hugh Karp, he did not install any new software. That day, he was composing an email and noticed that the computer screen blinked several times, but he did not pay attention to it. As it turned out later, the flashing screen was a sign that the attacker had gained remote access to the computer.
After taking control of the computer, the attacker removed the MetaMask extension and replaced it with a malicious version of the program. As previously reported, on December 14, the founder of Nexus Mutual tried to make a transaction from his Ledger hardware wallet using MetaMask.
The transaction looked normal, the malicious version of the wallet replaced the original one, so without noticing I calmly confirmed the transaction. On the Ledger wallet, information about the transaction also appeared, and here I did not check the addresses, as NXM tokens are not directly supported by Ledger so it didn’t pre-fill human-readable info and I confirmed the transaction. Then I saw MetaMask confirming the transaction as successful, but the Nexus Mutual app didn’t receive the funds. Then, I checked Etherscan, and realized what had happened.
Hugh Karp admits that if he had carefully checked the transaction details on the Ledger wallet, the theft could have been avoided. He said that the hack was aimed at him.
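The check described above, comparing the addresses in the raw transaction with the ones you meant to use, can be scripted for tokens the hardware wallet does not display in readable form. This is an added example, not code from the article or from Nexus Mutual, Ledger or MetaMask; the function names and every address and amount are constructed, and it assumes the transaction is a standard ERC-20 call.

```python
SELECTORS = {  # standard ERC-20 selectors -> (name, argument kinds)
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
}

def decode_erc20_call(data_hex):
    """Return (function_name, [decoded args]) or raise ValueError."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    name, kinds = SELECTORS.get(raw[:4].hex(), (None, None))
    if name is None:
        raise ValueError("unknown selector " + raw[:4].hex())
    body = raw[4:]
    if len(body) != 32 * len(kinds):
        raise ValueError("unexpected calldata length")
    args = []
    for i, kind in enumerate(kinds):
        word = body[32 * i:32 * (i + 1)]
        if kind == "address":
            if any(word[:12]):  # an address occupies only the low 20 bytes
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args

def verify(tx_to, data_hex, expected_token, expected_counterparty):
    """List every mismatch between the transaction and what was intended."""
    problems = []
    if tx_to.lower() != expected_token.lower():
        problems.append("contract address differs from the expected token")
    try:
        name, args = decode_erc20_call(data_hex)
    except ValueError as exc:
        return problems + [str(exc)]
    counterparty = args[-2]  # recipient or spender: the last address argument
    if counterparty != expected_counterparty.lower():
        problems.append(f"{name} counterparty is {counterparty}")
    return problems

def word(value):
    """ABI-encode one address or integer as a 32-byte hex word."""
    return (value[2:] if isinstance(value, str) else format(value, "x")).rjust(64, "0")

# Constructed sample values, not taken from the incident.
TOKEN, INTENDED, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "99" * 20
GOOD = "0xa9059cbb" + word(INTENDED) + word(5 * 10**18)
SWAPPED = "0xa9059cbb" + word(OTHER) + word(5 * 10**18)
```

Decode on a machine other than the one that built the transaction, and compare the result with the contract address and data shown on the hardware wallet's own screen.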
A post-mortem and status update on the NXM hack from last week.
Thanks to everyone for their messages of support, and specifically to those that have been helping out our investigations. https://t.co/cCFsoP9WTD
— Hugh Karp 🐢 (@HughKarp) December 21, 2020
Experts from Kaspersky Lab are helping Hugh Karp investigate the incident; it is still unknown what vulnerability the hackers used to gain access to the victim’s computer. The founder of the platform emphasizes that users need to use MetaMask with maximum caution.
Recall that on December 16, the hacker sold 35% of the tokens stolen from Hugh Karp, swapping them for ETH and renBTC tokens.